New installation: mail relay & SOAP problems

[cheros]

Hi all,

Just installed 5.0.4 (typical that after that 5.0.5 comes out), and I used the "Zimbra on OpenSuSE 10.3" instructions.

So far I've been able to receive mail on the one account I set up, but sending is bounced with a "sender not accepted" message, and in the logs it appears Zimbra's MTA seems to consider the sending a relay attempt.

The mailbox.log is full of SOAP failures, in the middle we find (email target replaced):

Caused by: com.zimbra.cs.mailbox.MailSender$SafeSendFailedExc eption: 554 5.7.1 : Relay access denied
; chained exception is:
com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 : Relay access denied

Interesting is that it appears the management console is also not able to authenticate properly, I can't see mail queue or anything else (comes up with some SOAP error).

Further research shows that the management console on port 7071 also not kosher is: I get virtually every server function (queue check, for instance), thrown back at me with some SOAP auth problem message.

Here's mailbox.log when that happens (domain name replaced with mydomain.net):

2008-04-23 23:31:53,226 INFO [btpool0-41] [name=admin@mydomain.net;ip=127.0.0.1;ua=ZimbraWebC lient - IE6 (Win);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: sys.mydomain.net->zimbra@sys.mydomain.net:22}
ExceptionId:btpool0-41:1208986313226:c3fbc78efa001c67
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:253)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:192)
(it goes on like this).

but it appears virtually nothing else works, coming up with SOAP errors. Maybe my hosts file is wrong, it looks a bit of a mess IMHO anyway:

127.0.0.1 localhost.localdomain localhost

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
127.0.0.2 sys.mydomain.com sys
123.123.123.123 sys.mydomain.com sys


I'm not a complete novice but I'm new to Zimbra and how it does things. It thus seems logical that I have possibly done something simple wrong (the "duh" factor). Would anyone have a feeling where I screwed up?

Thanks in advance,

= CH =

[mmorse]

Quote:

Originally Posted by cheros

So far I've been able to receive mail on the one account I set up, but sending is bounced with a "sender not accepted" message, and in the logs it appears Zimbra's MTA seems to consider the sending a relay attempt.

The mailbox.log is full of SOAP failures, in the middle we find (email target replaced):

Caused by: com.zimbra.cs.mailbox.MailSender$SafeSendFailedExc eption: 554 5.7.1 : Relay access denied
; chained exception is:
com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 : Relay access denied

This when sending with a thick client?
Post the output of:
su - zimbra
zmprov gs `zmhostname` | grep zimbraMtaMyNetworks
postconf mynetworks

Quote:

Originally Posted by cheros

Interesting is that it appears the management console is also not able to authenticate properly, I can't see mail queue or anything else (comes up with some SOAP error).

Further research shows that the management console on port 7071 also not kosher is: I get virtually every server function (queue check, for instance), thrown back at me with some SOAP auth problem message.

Here's mailbox.log when that happens (domain name replaced with mydomain.net):

2008-04-23 23:31:53,226 INFO [btpool0-41] [name=admin@mydomain.net;ip=127.0.0.1;ua=ZimbraWebC lient - IE6 (Win);] SoapEngine - handler exception
com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: sys.mydomain.net->zimbra@sys.mydomain.net:22}
ExceptionId:btpool0-41:1208986313226:c3fbc78efa001c67
Code:service.FAILURE
at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:253)
at com.zimbra.cs.rmgmt.RemoteManager.getSession(Remot eManager.java:192)
(it goes on like this).

Assuming you're using the standard ssh port:
1. Check /etc/sshd_config and be sure it's set to 22
2. stop/start/restart sshd

Code:

/etc/init.d/ssh restart

3. su - zimbra
4. Be sure zimbra's ssh port is set to 22

Code:

zmprov ms server.domain.com zimbraRemoteManagementPort 22

5. Generate new ssh keys

Code:

cd /opt/zimbra/bin/
./zmsshkeygen

6. Deploy the keys

Code:

./zmupdateauthkeys

To test this, you can run the following command:

Quote:

ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@server.domain.com -p 22

-Shouldn't prompt you for a password at this point...then check the admin console mail queues area/servers/certificates.
If you continue to get that error please see this doc for some more ideas Mail Queue Monitoring - Zimbra :: Wiki

[phoenix]

Quote:

Originally Posted by cheros

127.0.0.2 sys.mydomain.com sys

You need to remove that line from your hosts file.

[cheros]

Quote:

Originally Posted by mmorse

Assuming you're using the standard ssh port:
1. Check /etc/sshd_config and be sure it's set to 22
2. stop/start/restart sshd

Code:

/etc/init.d/ssh restart

3. su - zimbra
4. Be sure zimbra's ssh port is set to 22

Code:

zmprov ms server.domain.com zimbraRemoteManagementPort 22

Ah - I wasn't aware it's using SSH internally. I never have SSH running on port 22 on a system that is publicly exposed because I don't want to trawl through a mile worth of logfile entries with dictionary attack failures :-).

I'll first move the daemon back to port 22 and see what happens (and comment out the hosts file entry for 127.0.0.2 as phoenix pointed out), then run the commands as described above.

If I want SSH elsewhere, is "zmprov" where that is adjusted in Zimbra?

Be back later, but I think you may have already identified the "duh" in my config .